18 مستودعات
Tools for creating payloads designed to bypass endpoint protection.
Distinguishing note: Focuses on the generation of evasive code rather than general payload development.
Explore 18 awesome GitHub repositories matching security & cryptography · Evasive Payload Generators. Refine with filters or upvote what's useful.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
Generates malicious code designed to bypass antivirus software and endpoint protection systems.
The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br
Generates malicious documents and websites by injecting payloads into predefined templates.
XSStrike is an automated security scanning engine designed for web application discovery, input
Constructs malicious strings dynamically by analyzing the surrounding HTML structure to ensure the injected code executes within the target environment.
TheFatRat is a security exploitation framework designed to automate the creation, obfuscation, and deployment of payloads for penetration testing. It functions as a comprehensive toolkit that streamlines the exploitation lifecycle, enabling users to generate malicious executables, manage network listeners, and execute post-exploitation tasks through a unified command-line interface. The framework distinguishes itself by integrating various third-party exploitation utilities into a single, orchestrated workflow. It provides specialized capabilities for embedding code into legitimate binaries a
Builds and disguises malicious executables and scripts for multiple operating systems.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Generates single-line commands to launch payloads through system utilities like Rundll32 to bypass whitelists.
Pupy is a command and control framework and post-exploitation suite used for remote administration and system management. It functions as a cross-platform tool for deploying payloads and controlling multiple remote agents through encrypted communication channels. The framework features a multi-platform payload generator that creates custom executable files using configurable network launchers. It employs a network traffic obfuscator that stacks encryption and obfuscation protocols to hide communication from observation. The system provides capabilities for in-memory code execution, remote pr
Generates custom executable files and scripts designed to bypass endpoint protection via configurable launchers.
fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors. The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
Supplies collections of null bytes and terminal escape codes to test application handling of non-printable characters.
Havoc is a post-exploitation framework used for red team operations. It provides a centralized command and control system for managing remote agents through persistent network connections and customizable communication profiles. The framework focuses on security evasion and stealth, utilizing indirect syscall execution, return address spoofing, and hardware-breakpoint patching to bypass endpoint detection and response tools. It includes a payload generation workflow to create executable shellcode or DLLs for initial remote access. The system covers a broad range of operational capabilities,
Includes a workflow for generating customized shellcode and DLL payloads designed to bypass endpoint protection.
Caldera is an adversary emulation platform and command and control framework designed to simulate cyber attack patterns. It functions as an automated red team tool and threat framework orchestrator, executing attack sequences based on standardized cybersecurity threat frameworks to validate security defenses and detection capabilities. The platform distinguishes itself through the dynamic compilation of customized executable payloads and the use of framework-mapped adversary modeling to structure attack techniques. It manages asynchronous agents on targeted endpoints via a central server acce
Generates customized executable binaries at runtime to deliver specific adversary behaviors to target endpoints.
Generates unique server-side scripts per session with embedded keys and command logic.
The Adversarial Robustness Toolbox (ART) is an open-source library that provides a unified framework for evaluating, defending, and certifying machine learning models against adversarial threats. It wraps models from any framework behind a common estimator interface, enabling composable pipelines for attack generation, defense application, robustness certification, and privacy auditing across evasion, poisoning, and extraction threats. The library distinguishes itself by covering the full adversarial ML security lifecycle within a single toolkit. It supports gradient-based adversarial example
Generates evasion attacks against classification models, optimizing strength on correctly classified samples.
Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points. The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
Analyzes HTML structure and reflection points to dynamically construct payloads tailored to specific injection contexts.
Covenant هو إطار عمل للقيادة والتحكم قائم على .NET مصمم لعمليات الفريق الأحمر ومحاكاة الخصم. يعمل كمنصة تعاونية لتنسيق التقييمات الأمنية، وإدارة الغرسات البعيدة، وتنفيذ المهام على الأنظمة المخترقة من خلال خادم مركزي. يتميز المشروع بمولد حمولة ديناميكي، يقوم بتجميع وتعتيم الملفات التنفيذية والبرامج النصية أثناء التنقل لتجاوز الاكتشاف. كما يتميز ببيئة تعاونية تسمح لمشغلين مصادق عليهم متعددين بمشاركة حالة متزامنة، وتتبع المؤشرات التشغيلية، وإدارة الارتباطات المشتركة داخل واجهة واحدة. يوفر إطار العمل قدرات واسعة لتعتيم حركة المرور، بما في ذلك استخدام ملفات تعريف الشبكة المخصصة، وخطوط أنابيب تحويل البيانات، وترجمة البروتوكول القائمة على الجسر لإخفاء الاتصالات. كما يغطي احتياجات ما بعد الاستغلال مثل استرداد الملفات عن بُعد، وجمع بيانات الاعتماد المركزية، وتطوير وحدات مهام بعيدة مخصصة باستخدام نموذج امتداد المكونات الإضافية. يؤمن النظام الاتصالات بين الخادم والوكلاء باستخدام تثبيت شهادة SSL وتبادلات المفاتيح المشفرة لضمان سرية التوجيه.
Compiles and obfuscates source code on the fly to generate unique, non-static executable payloads.
Android-PIN-Bruteforce هي أداة أتمتة قائمة على الأجهزة مصممة لفتح شاشات قفل أجهزة Android عن طريق محاكاة إدخالات PIN الرقمية. تعمل كمحاكي إدخال USB HID يحاكي لوحة مفاتيح فعلية لإرسال ضغطات مفاتيح إلى جهاز مستهدف دون الحاجة إلى وصول الجذر (root) أو ADB. تم تصميم الأداة خصيصاً للعمل على الأجهزة المجهزة بـ NetHunter لتدقيق الأمان المادي وفتح الأجهزة. تدير الأداة عمليات قفل النظام من خلال تنفيذ فترات تهدئة تدريجية وتأخيرات قابلة للتهيئة بين دفعات الإدخال. تستخدم الأداة تعيين أجهزة مدفوعاً بالتكوين لضبط تسلسلات المفاتيح وملفات تعريف التوقيت لمختلف مصنعي الأجهزة وتطبيقات شاشات القفل. يدعم النظام الاستنفاد الرقمي الخطي وتوليد التسلسلات القائمة على الأنماط باستخدام أقنعة التعبير النمطي لاستهداف نطاقات PIN محددة. يتضمن النظام مراقبة الاتصال لاكتشاف حالة الجهاز وتشغيل عمليات إعادة المحاولة تلقائياً في حالة فصل الجهاز أو إعادة تشغيله.
Uses regular expression masks to generate specific numeric PIN patterns for targeted entry.
Godzilla is a post-exploitation toolkit and webshell management framework designed for remote administration, credential extraction, and memory shell injection. It provides a centralized platform to deploy, control, and monitor encrypted remote access scripts across multiple server environments. The project differentiates itself through a memory shell injector that loads binaries and shellcode directly into server memory to avoid disk-based detection. It also employs polyglot payload injection, deploying encrypted scripts across various language environments to maintain persistent connections
Creates dynamic webshell payloads for Java, .NET, PHP, and ASP environments.
Veil is a payload generation framework and a suite of tools designed to automate the creation of obfuscated binaries and encoded shellcode. It functions as an anti-virus evasion tool that transforms binary code to bypass security scanners and endpoint detection software. The framework utilizes multi-language payload generation, employing various programming language compilers to create executables that evade signature-based detection. It includes an evasive shellcode encoder to remove forbidden characters and apply obfuscation techniques to hide payload logic. The project covers the generati
Provides a framework for generating obfuscated shellcode and evasive binary payloads to bypass security software.
أداة Unicorn هي مجموعة من الأدوات لتوليد ملفات HTA خبيثة، ووحدات VBA الماكرو، وأوامر PowerShell المشفرة، وأطر عمل حقن كود الشل (Shellcode) المقيم في الذاكرة. توفر أدوات لإنشاء حمولات مصممة لتحقيق تنفيذ كود عن بعد عن طريق تجاوز ضوابط الأمان. يركز المشروع على تسليح مستندات Office من خلال وحدات الماكرو والصيغ VBA، وتوليد ناقلات هجوم HTA، وإنشاء حمولات PowerShell مشفرة. يتضمن إطار عمل لحقن كود الشل لتغليف كود الشل الخارجي للتنفيذ المباشر في ذاكرة النظام. تغطي مجموعة الأدوات التحويل من ثنائي إلى base64 لنقل الملفات القائم على الشهادات وطرق تجنب الكشف القائم على القرص. كما تتضمن قدرات لتشفير نصوص PowerShell وهجمات خفض الإصدار لتجاوز سياسات التنفيذ وقيود الأمان.
Creates HTA files that trigger command execution through a web browser.
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
Includes evasion modules to generate undetectable payloads that bypass endpoint protection and security software.