Top 23 post-exploitation Open-Source Projects

• fsociety

  2 10,071 0.0 Python

  fsociety Hacking Tools Pack – A Penetration Testing Framework

• byob

  3 8,750 0.0 Python

  An open-source post-exploitation framework for students, researchers and developers.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• pupy

  3 8,116 3.7 Python

  Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

• merlin

  1 4,924 8.2 Go

  Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. (by Ne0nd0g)

• mimipenguin

  2 3,678 0.0 C

  A tool to dump the login password from the current linux user

• Viper

  1 3,475 6.8

  Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台 (by FunnyWolf)

• Ghost

  2 2,528 7.5 Python

  Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. (by EntySec)

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• EvilOSX

  5 2,171 0.0 Python

  An evil RAT (Remote Administration Tool) for macOS / OS X.

• SILENTTRINITY

  2 2,134 3.4 Boo

  An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

• ligolo-ng

  5 2,112 6.2 Go

  An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

  

Project mention: Actual SSH over HTTPS | news.ycombinator.com | 2023-12-23

I learned about chisel in PEN-200 / preparing for the OSCP.

Then I learned about, Ligolo-ng [1] which is a game-changer. I highly recommend checking it out. It is most applicable to a penetration test. It uses TLS so I'm not sure it could be used to address the issue mentioned in the article.

[1] https://github.com/nicocha30/ligolo-ng

• SSH-Snake

  7 1,809 7.7 Shell

  SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

Project mention: FLaNK Weekly 08 Jan 2024 | dev.to | 2024-01-08

• venom

  2 1,705 0.0 Shell

  venom - C2 shellcode generator/compiler/handler (by r00t-3xp10it)

• emp3r0r

  3 1,205 9.4 Go

  Linux/Windows post-exploitation framework made by linux user

• kubesploit

  23 1,071 0.0 Go

  Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

  

• BlackMamba

  1 990 0.0 Python

  C2/post-exploitation framework

• Teardroid-phprat

  2 731 3.5 Smali

  :india: :robot: It's easy to use android botnet work without port forwarding, vps and android studio

Project mention: Will I get in trouble for doing | /r/Hacking_Tutorials | 2023-05-01

1 year ago i have create a android botnet called teardroid and its open source i was using a free service which allow hosting python serverless web application

• PowerHub

  1 693 6.0 PowerShell

  A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

• Forensia

  3 657 0.0 C++

  Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.

Project mention: PaulNorman01/Forensia | /r/programming | 2023-09-10

• PsMapExec

  1 651 9.3 PowerShell

  A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec

Project mention: PsMapExec - Active Directory and Windows Lateral Movement | /r/Infosec | 2023-10-21

• Heroinn

  2 618 10.0 Rust

  A cross platform C2/post-exploitation framework.

• swap_digger

  1 496 0.0 Shell

  swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

• GTFONow

  1 491 6.4 Python

  Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

• AlanFramework

  4 458 3.2 Assembly

  A C2 post-exploitation framework

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

post-exploitation related posts

• Haven't been using kali in a long time and wanted to know why Ngrok is not working on Blackeye? blackeye itself doesn't exist anymore lol
  1 project | /r/Kalilinux | 7 Dec 2023
• PaulNorman01/Forensia
  1 project | /r/programming | 10 Sep 2023
• Ideas of how to integrate ML into vulnerable scanning
  1 project | /r/HowToHack | 8 Mar 2023
• Forensia: Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
  1 project | /r/u_Tsofmetasploit | 9 Jan 2023
• Heroinn: A cross platform C2/post-exploitation framework.
  1 project | /r/blueteamsec | 14 Sep 2022
• Alanframework - A c2 post-exploitation framework
  1 project | /r/github_trends | 30 Jul 2022
• AlanFramework: A C2 post-exploitation framework now open source
  1 project | /r/blueteamsec | 25 Jul 2022
• A note from our sponsor - SaaSHub
  www.saashub.com | 24 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com