30 open-source projects similar to tylous/sourcepoint, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best SourcePoint alternative.
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes with a pre-packaged web client that uses a blend of React, vanilla JS, and WebAssembly to manage file transfers.
This project is intended to serve as a reference when designing Cobalt Strike Malleable C2 profiles.
Authors Joe Vest (@joevest) & Andrew Chiles (@andrewchiles)
Search for potential frontable domains
Release blog: "GraphStrike: Using Microsoft Graph API to Make Beacon Traffic Disappear". Developer blog: "GraphStrike: Anatomy of Offensive Tool Development".
Chameleon: @domchell, MDSec ActiveBreach
AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile. Any incoming requests that do not share the profile's user-agent, URI paths, headers, and query parameters will be redirected…
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It…
Empire is a command and control framework and post-exploitation toolkit used for network penetration testing. It serves as a centralized platform for coordinating remote agent communication and automating the delivery of security testing payloads to target systems. The project provides a suite of modules for host reconnaissance, lateral movement, and credential harvesting across corporate environments. It functions as a remote administration tool to maintain persistence and execute commands on compromised hosts. The framework incorporates capabilities for agent orchestration and the executio
This project is a curated collection of tools, scripts, and technical guides designed to enhance offensive security operations using Cobalt Strike. It serves as a resource hub for managing command and control infrastructure and deploying security engagements. The collection includes toolkits for evading endpoint detection and response systems, alongside libraries for automating red team tasks such as reconnaissance and host enumeration. It provides resources for developing post-exploitation frameworks, specifically focusing on the creation of reflective libraries and memory-resident code. Th
Havoc is a post-exploitation framework used for red team operations. It provides a centralized command and control system for managing remote agents through persistent network connections and customizable communication profiles. The framework focuses on security evasion and stealth, utilizing indirect syscall execution, return address spoofing, and hardware-breakpoint patching to bypass endpoint detection and response tools. It includes a payload generation workflow to create executable shellcode or DLLs for initial remote access. The system covers a broad range of operational capabilities,
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
A Proof of Concept for weaponizing SysWhispers for making direct system calls in Cobalt Strike Beacon Object File.