30 open-source projects similar to silentbreaksec/throwback, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Throwback alternative.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Stitch is a command and control framework and post-exploitation toolkit designed for managing multiple remote systems from a central server. It functions as a remote administration tool and payload builder, enabling the execution of commands and the deployment of agents across different operating systems. The project features a cross-platform builder for generating custom executable agents with configurable network bindings and boot behaviors. It utilizes encrypted communication channels to secure traffic between the controller and remote clients, and it supports the execution of dynamic scri
SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
A post exploitation framework designed to operate covertly on heavily monitored environments
Empire is a post-exploitation command-and-control (C2) framework designed for red team operations. It deploys and manages agents written in PowerShell, Python, C#, Go, and C across Windows, Linux, and macOS, using encrypted communication channels over HTTP, HTTPS, and SMB. The framework executes over 400 built-in modules for reconnaissance, privilege escalation, credential theft, and lateral movement, and provides a modular engine for authoring custom attack modules. What sets Empire apart is its multi-language agent deployment system, which allows operators to choose implants that suit each
BeEF is a modular security testing environment designed for browser exploitation and web application auditing. It functions as a platform for security professionals to evaluate client-side defenses by injecting persistent scripts into web browsers, establishing a bidirectional communication channel for remote command execution and data exfiltration. The framework distinguishes itself through its ability to use compromised browser sessions as proxies to conduct internal network reconnaissance, effectively bypassing perimeter security controls. It utilizes an event-driven control interface and
Sliver is a command and control framework designed for adversary emulation and security assessment operations. It provides a centralized platform for managing remote systems, enabling security professionals to coordinate multi-operator sessions and maintain persistent, secure communication channels across diverse network environments. The framework distinguishes itself through its focus on stealth and infrastructure flexibility. It utilizes dynamic payload obfuscation to generate unique binaries and supports in-memory execution to minimize disk artifacts. Communication is secured through mutu
Gcat A stealthy Python based backdoor that uses Gmail as a command and control server
An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedric Owens
NimPlant - A light first-stage C2 implant written in Nim|Rust and Python
Covenant is a .NET-based command and control framework designed for red team operations and adversary simulation. It serves as a collaborative platform for coordinating security assessments, managing remote implants, and executing tasks on compromised systems through a centralized server. The project is distinguished by its dynamic payload generator, which compiles and obfuscates executable binaries and scripts on the fly to bypass detection. It further separates itself through a collaborative environment that allows multiple authenticated operators to share a synchronized state, track operat
Tool to deploy a post-exploitation prompt at any time
Web Based Command Control Framework (C2) #C2 #PostExploitation #CommandControl #RedTeam #C2Framework #PHPC2 #.NETMalware #Malware #PHPMalware #CnC #infosec #offensivesecurity #Trojan
WEASEL is a small in-memory implant using Python 3 with no dependencies. The beacon client sends a small amount of identifying information about its host to a DNS zone you control. WEASEL server can task clients to execute pre-baked or arbitrary commands.
PetaQ is a malware which is being developed in .NET Core/Framework to use websockets as Command & Control (C2) channels. It's designed to provide a Proof of Concept (PoC) websocket malware to the adversary simulation exercises (Red & Purple Team exercises).
C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It…
Havoc is a post-exploitation framework used for red team operations. It provides a centralized command and control system for managing remote agents through persistent network connections and customizable communication profiles. The framework focuses on security evasion and stealth, utilizing indirect syscall execution, return address spoofing, and hardware-breakpoint patching to bypass endpoint detection and response tools. It includes a payload generation workflow to create executable shellcode or DLLs for initial remote access. The system covers a broad range of operational capabilities,
dnscat2 is a DNS tunneling tool and covert command and control server that encapsulates encrypted traffic within DNS queries and responses. It functions as an encrypted DNS proxy designed to bypass network firewalls and establish communication paths when standard outbound ports are blocked. The project enables the creation of covert network channels by acting as an authoritative nameserver. It supports remote command execution through interactive shells and provides a mechanism for tunneling TCP network traffic to reach restricted remote hosts. The system includes capabilities for multiplexe
Apfell is a red teaming framework and command and control server designed for collaborative adversary simulation. It provides a centralized infrastructure to manage remote agents and distribute tasking across multiple operating systems using a message broker for real-time synchronization. The system functions as a distributed agent orchestrator, allowing teams to coordinate complex attack chains and synchronize container data. It features a multi-platform payload manager that enables the downloading and integration of custom agents and command profiles from remote repositories. The platform
EvilVM compiler for information security research tools. The project is built around a native code Forth compiler that is deployed as a position independent shellcode. It provides a platform for remote code execution, useful in information security contexts.
An evil RAT (Remote Administration Tool) for macOS / OS X.
Open source pre-operation C2 server based on python and powershell
Caldera is an adversary emulation platform and command and control framework designed to simulate cyber attack patterns. It functions as an automated red team tool and threat framework orchestrator, executing attack sequences based on standardized cybersecurity threat frameworks to validate security defenses and detection capabilities. The platform distinguishes itself through the dynamic compilation of customized executable payloads and the use of framework-mapped adversary modeling to structure attack techniques. It manages asynchronous agents on targeted endpoints via a central server acce
This repo contains the slides and concept code for my BlackHat USA 2019 talk about Command and Control.
Pupy is a command and control framework and post-exploitation suite used for remote administration and system management. It functions as a cross-platform tool for deploying payloads and controlling multiple remote agents through encrypted communication channels. The framework features a multi-platform payload generator that creates custom executable files using configurable network launchers. It employs a network traffic obfuscator that stacks encryption and obfuscation protocols to hide communication from observation. The system provides capabilities for in-memory code execution, remote pr