K8tools

K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection.

The framework distinguishes itself through its breadth of integrated capabilities, including a multi-protocol credential tester that checks username and password combinations across SSH, FTP, MySQL, and SMB services, along with port forwarding through compromised hosts to access internal services behind firewalls. It also provides UAC bypass via registry manipulation, a Windows privilege escalation toolkit that elevates processes from limited user to SYSTEM or Administrator, and USB keystroke injection attacks that program Teensy devices to simulate keyboard input on locked machines.

Beyond these core differentiators, the toolkit encompasses credential theft and cracking, internal network penetration testing, payload generation and obfuscation, remote code execution via exploits, and web application exploitation. It includes utilities for data encoding and decoding, live host discovery, subdomain enumeration, persistent backdoor deployment, web shell command execution, and password hash cracking, all accessible through local, command-line, or remote PowerShell execution methods.

Features

Penetration Testing Toolkits - An all-in-one collection of tools for network scanning, privilege escalation, password cracking, and exploit delivery.
Credential Theft and Cracking Suites - Extracts stored passwords, cookies, and hashes from compromised systems, then cracks them for unauthorized access.
Multi-Protocol Remote Crackers - Tests username and password combinations against SSH, FTP, MySQL, and SMB services to gain access.
Internal Network Penetration Testers - Scans, exploits, and moves laterally within a compromised internal network to gain access to additional systems.
Privilege Escalation Suites - Ships a set of utilities that elevate process rights from limited user to SYSTEM or Administrator using kernel and service exploits.
Vulnerability Exploitation Frameworks - Launches pre-built exploits against web applications, operating systems, and services.
Automated Exploit Execution - Delivers and executes pre-built exploit code against known vulnerabilities in services like Struts2 and SMB.
Scanner Modules - Provides a Ladon-based scanner that runs from PowerShell to discover hosts, scan ports, and execute post-exploitation commands.
Memory-Loaded Scanners - Loads a multi-function scanner into memory via PowerShell for command execution without disk writes.
Multi-Protocol Credential Testers - Tests username and password combinations across SSH, FTP, MySQL, and SMB services to identify weak authentication.
Remote Privilege Escalations - Runs privilege escalation tools directly from a remote shell or web shell.
Windows Privilege Escalation Suites - Elevates process privileges from limited user to SYSTEM or Administrator using kernel or service exploits.
Credential Extraction Utilities - Ships a utility that retrieves saved passwords, cookies, and history from browsers and local credential stores.
In-Memory Payload Execution - Downloads and runs obfuscated shellcode or PowerShell commands directly in memory to evade antivirus detection.
Payload Obfuscators - Creates encoded or obfuscated shellcode, PowerShell commands, or executables to evade antivirus detection.
Windows Privilege Escalations - Elevates a process from a limited user to SYSTEM or Administrator using kernel or service exploits on Windows.
UAC Bypasses - Suppresses UAC prompts to run administrative tools without user consent on Windows 7 through 10.
Remote System Exploitation - Delivers ready-to-compile exploit code for known vulnerabilities to gain initial access.
Port Scanning - Scans a user-specified list of ports on target hosts using the Ladon scanner.
Subdomain Enumeration - Enumerates subdomains of a target domain using a large dictionary to expand the attack surface.
MS17-010 Scanners - Scans a network range for systems vulnerable to the MS17-010 SMB exploit.
Password Cracking - Attempts to recover plaintext passwords from captured hashes using built-in cracking utilities.
Web Application Exploits - Identifies and exploits vulnerabilities in web applications, including SQL injection and deploying web shells.
Web Shell Executions - Runs system commands on a compromised server through a script embedded in a web page for remote control.
Remote Command Execution - Copies and runs commands or payloads on remote Windows and Linux hosts using standard management protocols.
Live Host Probes - Discovers active machines on a network segment without relying on open ports or firewall rules.
Remote Port Forwarding - Redirects traffic from one port to another on a remote machine to access internal services behind firewalls.
C2 Agent Persistence - Installs a remote control agent that maintains access through reverse shells, VNC, or custom listeners.
Remote Script Execution - Downloads and executes the Ladon scanner from a remote URL directly in memory without writing to disk.
USB Keystroke Injection Scripts - Programs a Teensy device to simulate keyboard input and execute payloads on locked Windows machines.
Browser Credential Extractions - Reads saved passwords, cookies, and history from browsers, VPN clients, and local credential stores.
Executable Payload Generations - Produces executable payloads for use in staged attacks or post-exploitation activities.

jaykali/maskphish

3,020View on GitHub

Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe

samratashok/nishang

9,951View on GitHub

Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a

SpecterOps/BloodHound

2,789View on GitHub

BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij

hfiref0x/UACME

7,375View on GitHub

UACME is a set of specialized tools designed to audit security configurations, escalate user privileges, and circumvent access control restrictions on Windows systems. It functions as a utility for executing commands with elevated privileges by bypassing User Account Control restrictions. The project includes a configuration auditor used to extract and analyze system settings to identify security misconfigurations and vulnerabilities. It provides a collection of techniques for gaining administrative rights on a host. The toolset covers a wide range of privilege escalation and security auditi

k8gegeK8tools

Features