fsociety Hacking Tools Pack – A Penetration Testing Framework

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Curated list of Unix binaries that can be exploited to bypass system security restrictions

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

A tool to dump the login password from the current linux user

An evil RAT (Remote Administration Tool) for macOS / OS X.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

venom - shellcode generator/compiler/handler (metasploit)

Bash post exploitation toolkit

A Python Package for Data Exfiltration

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

A framework for Backdoor development!

Load shellcode into a new process

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

Orc is a post-exploitation framework for Linux written in Bash

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Network Pivoting Toolkit

Sifter is a OSINT, recon & vulnerability scanner. It incorporates a plethara of tools within different module sets that tries to cover every attack vector. Allowing you to quickly perform recon tasks and organize the results in one place. From OSINT to Recon, Exploitation, Post-Exploitation, OpSec, Threat Analysis, XSS, SQLinjection, Network Scanning, WebApp Analysis or DNS enumeration.. Sifter should be able to cover it all.

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

[Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count, last update time. This is the DRAFT version.

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

Linux post exploitation privilege escalation enumeration