22 个仓库
Techniques for transforming payloads between text and binary formats during remote delivery.
Distinct from Remote Command Execution Tools: Focuses on the format conversion process specifically for payload delivery
Explore 22 awesome GitHub repositories matching security & cryptography · Payload Conversion and Execution. Refine with filters or upvote what's useful.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Downloads text-formatted executables, converts them to binary, and runs them on the local system.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
Identifies signed system libraries that can be used to launch DLLs or command-line instructions.
Havoc is a post-exploitation framework used for red team operations. It provides a centralized command and control system for managing remote agents through persistent network connections and customizable communication profiles. The framework focuses on security evasion and stealth, utilizing indirect syscall execution, return address spoofing, and hardware-breakpoint patching to bypass endpoint detection and response tools. It includes a payload generation workflow to create executable shellcode or DLLs for initial remote access. The system covers a broad range of operational capabilities,
Includes a utility for creating executable, shellcode, or DLL payloads to establish initial remote access.
HackTools is a browser extension pentesting toolkit designed for offensive security professionals. It serves as a centralized collection of tools for generating payloads, managing penetration testing workflows, and accessing security reference materials within a web-based interface. The project provides specialized utilities for generating attack strings for XSS, SQL injection, and reverse shells to identify and exploit web vulnerabilities. It includes a data encoding and hashing utility to convert information between various formats for the purpose of bypassing security filters or verifying
Includes tools and methods for running remote commands to exfiltrate sensitive data.
K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection. The framework distinguishes itself through its breadth of integrated capabili
Delivers ready-to-compile exploit code for known vulnerabilities to gain initial access.
该项目是 AWS Lambda 的性能优化器和资源基准测试工具。它通过测试各种内存配置来分析执行速度与成本之间的权衡,以确定最具成本效益的设置并最小化运营支出。 该工具利用 AWS Step Functions 编排器来自动化执行和收集跨不同功率级别的多个函数测试运行的数据。它通过注入自定义静态或远程数据并使用加权有效负载分布来模拟生产工作负载,以模仿真实世界的流量模式。 该套件涵盖了几个功能领域,包括迭代内存采样和基于指标的成本建模,以可视化性能权衡。它为临时函数版本和别名提供自动化资源清理、为受限内部资源提供私有网络配置,以及提供远程有效负载加载以绕过标准调用大小限制。 部署通过基础设施即代码(IaC)结构进行处理,以确保环境设置的一致性和可重复性。
Fetches input data from remote storage to bypass size limits for payloads exceeding the standard maximum.
PhoneSploit-Pro 是一个 Android 漏洞利用和远程管理工具包。它提供了一个系统,用于通过 Android Debug Bridge 协议远程控制 Android 设备并提取数据。 该项目与 Metasploit 集成,以自动化创建和安装有效载荷,建立持久的命令与控制会话。它还包括一个网络设备扫描器,通过探测 TCP 端口来识别本地网络上的活跃 Android 主机。 该工具包涵盖了广泛的管理和取证功能,包括远程 Shell 执行、应用程序管理和硬件状态控制。它能够提取消息和联系人等用户数据,并通过屏幕镜像以及来自设备摄像头的实时音视频流进行实时监控。 该软件包含自动化实用程序,用于检测主机操作系统并安装所需的二进制依赖项。
Automates the creation and installation of payloads to establish remote sessions for device compromise.
This project is a collection of malware analysis reports and decompiled code focused on a backdoor embedded within an Android application. It serves as a study of Android APK malware, documenting the specific code patterns used for unauthorized data access and system security bypasses. The research focuses on dynamic bytecode loading and the execution of remote files to implement persistence. It specifically analyzes mechanisms for downloading and running remote Dalvik Executable files to change application behavior without updating the installed package. The analysis covers several security
Retrieves encrypted execution modules from remote servers to implement persistence and background data collection.
Ladon 是一款内网渗透扫描器和漏洞评估工具,旨在识别跨网段的高风险安全漏洞和资产。它作为一款无文件安全扫描器,直接在内存中执行引擎和模块,从而避免在目标系统上留下磁盘痕迹。 该项目的特色在于作为 Cobalt Strike 框架中命令信标(Beacon)的插件集成。这实现了内存驻留的网络发现和漏洞检测。它还通过载荷和脚本混淆,以及绕过终端检测与响应(EDR)系统的技术,支持隐蔽操作。 该工具提供了一套全面的后渗透功能,包括凭据审计、提取,以及用于域渗透的 Kerberos 攻击执行。它通过多协议扫描和服务指纹识别来处理资产发现,以识别操作系统和 Web 技术。此外,它还支持横向移动自动化、权限提升以及远程代码执行载荷的部署。 该框架通过插件架构实现扩展,允许动态加载外部程序集或脚本,以添加自定义扫描模块和概念验证(PoC)。
Deploys shells or executes commands on target systems to gain full system control.
AndroRAT 是一款针对 Android 设备的远程管理工具和监控框架。它由一个基于 Python 的命令服务器和一个基于 Java 的客户端代理组成,它们建立持久的套接字连接以实现远程控制和数据提取。 该项目包括一个有效载荷生成器,用于创建配置有特定网络地址和端口的签名安装包以进行部署。一旦激活,该框架提供了一个中央界面来管理多个连接的设备,通过在设备启动时重启的后台服务来维持访问。 该系统通过交互式 Shell 执行和系统数据传输涵盖远程管理。它还提供用于检索通信日志、提取设备信息和位置数据以及远程捕获音频、视频和照片的监控功能。
Includes automated workflows to generate signed installation packages as remote access payloads for target devices.
Covenant 是一个基于 .NET 的命令与控制(C2)框架,专为红队行动和对抗模拟而设计。它作为一个协作平台,用于协调安全评估、管理远程植入物,并通过中央服务器在受损系统上执行任务。 该项目的特色在于其动态载荷生成器,可即时编译和混淆可执行二进制文件及脚本以绕过检测。它通过一个协作环境进一步脱颖而出,该环境允许多个经过身份验证的操作员共享同步状态、跟踪操作指标,并在单个界面内管理联合行动。 该框架提供了广泛的流量混淆功能,包括使用自定义网络配置文件、数据转换流水线以及基于网桥的协议转换来掩盖通信。它还涵盖了后渗透需求,如远程文件检索、集中式凭据收集,以及使用插件扩展模型开发自定义远程任务模块。 该系统使用 SSL 证书固定和加密密钥交换来保护服务器与代理之间的通信,以确保前向安全性。
Generates and obfuscates dynamic .NET binaries to establish persistent remote access to target hosts.
Mythic 是一个红队框架和命令与控制服务器,专为管理渗透后活动而设计。它提供了一个集中式系统,用于向部署在不同目标平台和操作系统上的代理下达任务并接收遥测数据。 该平台具有协作式操作员界面,允许多个安全研究人员在共享环境中协调操作并跟踪目标活动。它支持通过多平台载荷管理器部署和更新不同的代理载荷。 该框架利用基于插件的架构来扩展功能,允许集成来自远程仓库的自定义命令配置文件和载荷定义。其操作结构采用基于容器的服务隔离和消息桥接,以在解耦组件之间同步数据和任务。
Manages the deployment and updating of diverse agent payloads and external command profiles across different operating systems.
Apfell 是一个红队框架和命令与控制服务器,专为协作式对抗模拟而设计。它提供了一个集中式基础设施来管理远程代理,并使用消息代理在多个操作系统之间分发任务以实现实时同步。 该系统作为一个分布式代理编排器,允许团队协调复杂的攻击链并同步容器数据。它具有多平台载荷管理器,支持从远程仓库下载和集成自定义代理及命令配置文件。 该平台涵盖对抗模拟管理、分布式命令控制以及使用模块化命令配置来在不同目标环境中保持一致的执行行为。
Implements a framework for deploying and updating diverse agent payloads and command profiles across multiple operating systems.
Donut is a toolset for loading and executing payloads in memory, featuring a position-independent shellcode generator, an in-memory payload injector, and a .NET assembly loader. It is designed to convert executable files and scripts into shellcode that can be executed within the memory space of a remote process without writing files to disk. The project specializes in security evasion through memory-based patching and payload obfuscation using symmetric block ciphers and compression. It includes a remote payload stager to retrieve encrypted modules from HTTP or DNS servers during runtime, red
Downloads an encrypted Donut Module from a specified URL at runtime instead of embedding it in the shellcode.
Godzilla is a post-exploitation toolkit and webshell management framework designed for remote administration, credential extraction, and memory shell injection. It provides a centralized platform to deploy, control, and monitor encrypted remote access scripts across multiple server environments. The project differentiates itself through a memory shell injector that loads binaries and shellcode directly into server memory to avoid disk-based detection. It also employs polyglot payload injection, deploying encrypted scripts across various language environments to maintain persistent connections
Generates and deploys dynamic webshell payloads across Java, .NET, PHP, and ASP environments.
tplmap 是一款旨在检测和利用服务器端模板注入 (SSTI) 漏洞的安全工具。它作为一个自动化扫描器,用于识别易受攻击的模板引擎上下文,并提供了一个实现远程代码执行的框架。 该工具专注于将高级请求转换为引擎特定的语法,以执行操作系统命令并绕过应用沙箱。它还支持远程文件系统访问,允许用户在本地机器和目标服务器之间读取、写入和传输文件。 其他功能包括启动本地易受攻击的服务器以模拟有缺陷的环境进行 Payload 验证。该项目还支持与 Web 安全代理集成,以自动化将测试 Payload 注入到拦截的流量中。
Translates high-level requests into engine-specific syntax to execute operating system commands on target servers.
This project is a suite of tools for generating encoded shell commands and network listener configurations used in offensive security operations. It provides a collection of command generators for various shells and listeners to establish remote access during security penetration tests. The tool features a reverse shell payload generator that creates encoded command strings and a network listener command generator that produces the server-side syntax needed to accept incoming network connections. It includes a Base64 command encoder to transform shell commands into encoded strings to bypass s
Creates encoded command strings designed to establish remote access on target systems.
Discover 是一个基于 Bash 的渗透测试工具包,旨在自动化侦察、扫描和枚举任务。它是一个综合套件,用于开源情报收集、网络侦察、容器审计、有效载荷生成和安全数据解析。 该项目通过集成多个专业工作流脱颖而出,包括用于提取公司元数据的被动 OSINT 框架、用于映射攻击面的网络侦察套件,以及用于识别镜像和集群中漏洞与密钥的容器安全审计器。它还包含一个 Metasploit 有效载荷生成器,可跨各种架构创建反向 Shell 并自动化配置网络监听器。 该工具包涵盖了广泛的安全操作,包括针对 WAF 和 OAuth 配置错误的 Web 应用漏洞扫描、SSL 证书的基础设施审计,以及将结构化 XML 安全工具输出转换为 CSV 格式。 该工具包专为在 Kali Linux 和 Ubuntu 上运行而设计。
Configures network parameters like LHOST and LPORT to capture incoming traffic from security payloads.
ysoserial.net is a payload generator for .NET deserialization, designed to create malicious serialized objects and structured gadget chains. It serves as a tool for generating command execution strings and security testing suites used to assess vulnerabilities in .NET formatters. The tool enables the creation of sequences of object calls that trigger remote code execution during the reconstruction of serialized data. It produces specialized payloads for executing system commands, loading remote libraries, and accessing local file systems. The project includes capabilities for optimizing payl
Produces payloads that force a target application to load a native library from a remote source.
Marshalsec is a toolkit designed for generating malicious serialized Java objects to achieve remote code execution during the unmarshalling process. It functions as a Java deserialization exploit tool and a framework for triggering Java Naming and Directory Interface lookups to remote servers. The project provides a JNDI redirector service that intercepts lookups and points targets toward a remote codebase. It includes utilities for crafting payloads that force Java applications to download and execute arbitrary classes from a remote URL. The toolset covers security analysis activities inclu
Implements mechanisms that retrieve execution modules from remote servers during the deserialization process.