17 个仓库
Techniques for downloading and executing scripts on a target machine from a remote source.
Distinct from Live Script Execution: Candidates focus on inline JS or SQL scripts; this is about remote delivery and execution of system scripts (PowerShell).
Explore 17 awesome GitHub repositories matching security & cryptography · Remote Script Execution. Refine with filters or upvote what's useful.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Downloads scripts from a URL and executes them on target systems via memory or disk.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
Runs executable files or scripts on local or remote systems to bypass security controls.
Empire is a post-exploitation framework and command and control server designed to manage remote access agents. It provides a centralized system for coordinating these agents and executing specialized scripts across target systems. The project functions as a security evasion tool by adapting network communication patterns to bypass firewalls and monitoring tools. It utilizes a multi-language agent runtime and a modular plugin architecture to execute payloads across different operating systems. The framework covers a broad range of operational capabilities, including remote agent orchestratio
Executes targeted scripts on remote hosts for intelligence gathering and privilege escalation.
ClearML is a comprehensive MLOps platform designed to manage the end-to-end machine learning lifecycle, from initial experimentation to production deployment. It provides a suite of integrated tools including a pipeline orchestrator for automating workflows, an experiment tracking tool for logging hyperparameters and metrics, and a metadata-driven data versioning system for managing large-scale datasets and model artifacts. The platform is distinguished by its advanced compute management and serving capabilities. It features a GPU compute manager that supports fractional resource slicing and
Provides a command line interface for running scripts on remote machines without modifying source code.
Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
Manages the deployment and execution of security scanners across remote agents to collect vulnerability data centrally.
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
Executes security workflows across cloud infrastructure, Docker containers, and remote SSH hosts with artifact persistence.
K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection. The framework distinguishes itself through its breadth of integrated capabili
Downloads and executes the Ladon scanner from a remote URL directly in memory without writing to disk.
This is a GitHub Action that executes shell commands on remote servers over SSH as part of a CI/CD pipeline. It supports authentication using passwords, private keys, or private keys with passphrases, and can verify the SHA256 fingerprint of the remote host's public key before connecting to prevent man-in-the-middle attacks. The action can connect to multiple remote hosts in a single workflow step, optionally executing commands synchronously across all of them. It also supports routing SSH connections through an intermediate jump host to reach target servers in restricted networks. Environmen
Sends selected or all CI runner environment variables to remote shell sessions for use in commands.
This repository contains the digital textbook and supplementary materials for probabilistic machine learning education. It provides structured text and guided study materials covering the mathematical foundations of probability and neural networks. The project emphasizes reproducibility through a collection of interactive notebooks and standalone scripts used to recreate data plots and figures from the text. These materials are hosted in external environments to allow users to execute complex machine learning code without local installation. The educational surface includes lecture slides, e
Provides specialized scripts to regenerate figures and perform computations described in the text.
This repository is a library of scripts for automating keystroke injection and executing remote payloads via USB HID devices. It provides a collection of pre-written automation sequences that simulate keyboard input to perform complex tasks on target operating systems. The framework supports cross-platform payloads capable of detecting target operating systems and adapting keyboard layouts for accurate character injection across different regions. It utilizes a staged payload method to download and execute external code from remote servers, extending the functionality of initial scripts. The
Uses initial scripts to download and execute additional system-level code from a remote source.
本项目是一个红队知识库和进攻性安全手册,旨在模拟对手行为。它作为技术指南和战术的综合集合,用于执行红队行动。 该存储库提供了 Active Directory 渗透测试的详细说明,包括 Kerberos 滥用和域权限提升。它涵盖了通过 API 解钩 (unhooking) 和载荷混淆进行的防御规避,以及涉及内核对象和系统内存操作的 Windows 内部研究。 功能范围扩展到网络渗透测试、恶意软件分析与工程,以及进攻性安全基础设施的部署。它还包括在企业环境中进行横向移动、持久化和数据外泄的方法。
Provides techniques for bypassing PowerShell language mode constraints to execute restricted scripts.
pad.ws 是一个基于 Web 的开发环境,集成了代码编辑器、终端和一个用于草图绘制的共享可视化画布。它作为一个远程开发环境和协作式可视化编程空间,团队可以在同一个界面中规划架构概念并编写代码。 该项目通过将数字白板与云开发环境相结合,弥合了设计与执行之间的鸿沟。这允许用户通过将交互式画布上的草图直接链接到实现代码,来进行可视化软件规划和技术构思。 该平台提供了云 IDE 开发和远程环境管理功能。这包括一个可通过浏览器访问的工作区,该工作区连接到云虚拟机以远程执行命令和管理文件。
Provides a web interface for running commands and scripts on remote machines via persistent connections.
TacticalRMM is a remote monitoring and management platform designed for overseeing endpoints and automating IT administration. It functions as an endpoint management tool and IT automation framework, providing a centralized dashboard for executing scripts, monitoring system health, and managing remote devices across multiple tenants. The platform distinguishes itself through a comprehensive remote administration suite that includes real-time shell access, remote file management, and registry editing. It integrates with third-party remote desktop software and provides a hierarchical policy inh
Triggers the execution of library scripts on remote agents via a programmatic API.
这是一个用于 Linux 安全审计和系统枚举的综合工具包。它作为一个框架,用于识别配置弱点、收集系统信息并检测漏洞,以协助在 Linux 系统上获得更高的管理访问级别。 该工具包包括用于基于版本的漏洞扫描的专门功能,该功能将已安装的软件与已知的受影响版本进行匹配,以及用于跟踪循环系统模式和定期任务的时间窗口进程监控。它还提供了用于在本地网络上托管和交付枚举脚本以在目标机器上进行远程执行的基础设施。 该系统涵盖了广泛的安全分析领域,包括本地权限提升扫描、基于规则的枚举以及基于用户定义的详细程度和类别的过滤输出报告。
Implements the capability to download and execute analysis scripts on target machines from a remote source.
Hoaxshell is a command and control system for Windows remote command execution. It provides a framework for generating and managing reverse shell payloads that utilize an HTTP beaconing protocol, where victim clients periodically poll a handler to receive and execute instructions. The project distinguishes itself through its ability to bypass PowerShell Constrained Language Mode using specialized payload generation. It supports encrypted command and control via TLS certificate injection and provides mechanisms for remote session recovery, allowing a handler to reestablish control over active
Implements specialized PowerShell payload construction to bypass Constrained Language Mode restrictions on hardened Windows systems.
OffensiveNim is a red teaming framework and post-exploitation toolkit developed in Nim. It provides a collection of low-level primitives and a Windows API wrapper designed for offensive security operations, including malware development and shellcode loading. The project focuses on evasion and obfuscation through techniques such as API unhooking, direct system calls, and anti-debugging mechanisms. It features diverse payload delivery methods, including reflective binary loading, the execution of .NET assemblies via CLR hosting, and various shellcode injection techniques using fibers, COM obje
Fetches scriptlet files from remote URLs and executes them through the system's script component runtime.
Phantom-Evasion is a security research framework designed for generating obfuscated payloads and automating post-exploitation tasks during authorized security assessments. It provides a suite of utilities for creating custom executables and libraries intended to test the effectiveness of antivirus and endpoint security detection systems. The framework distinguishes itself through a focus on memory-resident operations, allowing for the execution of encrypted binaries and shellcode directly within system memory. By utilizing techniques such as junk code injection, payload encryption, and remote
Enables remote execution by fetching and loading encrypted executables or libraries directly into memory from a remote source.