Villain VS Pentest-Notes

What are some alternatives?

hoaxshell - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

mageni - Open-source vulnerability scanner

HavocNotion - A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.

jwtXploiter - A tool to test security of json web token

aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.

hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.

dradis-ce - Dradis Framework: Collaboration and reporting for IT Security teams

uuid-loader - UUID based Shellcode loader for your favorite C2

favirecon - Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

recon - Enumerate a target Based off of Nmap Results

WhatWeb - Next generation web scanner