This is your work, valued
@vysecurity
LinkedInt. LinkedIn Recon Tool
1.2kRedTips. Red Team Tips as posted by @vysecurity on Twitter
1.1kDomLink. A tool to link a domain with registered organisation names and emails, to other domains.
847DomainFrontingLists. A list of Domain Frontable Domains by CDN
578morphHTA. morphHTA - Morphing Cobalt Strike's evil.HTA
530IPFuscator. IPFuscator - A tool to automatically generate alternative IP representations
408ANGRYPUPPY. Bloodhound Attack Path Automation in CobaltStrike
325Aggressor-VYSEC. PowerShell
210CVE-2017-8759. CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.
176ps1-toolkit. Obfuscated Penetration Testing PowerShell scripts
153genHTA. Generates anti-sandbox analysis HTA files without payloads
122CobaltSplunk. Splunk Dashboard for CobaltStrike logs
90checkO365. checkO365 is a tool to check if a target domain is using O365
87CVE-2018-4878. Aggressor Script to launch IE driveby for CVE-2018-4878
86CACTUSTORCH. CACTUSTORCH: Payload Generation for Adversary Simulations
77ATT-CK_Analysis. Repository for my ATT&CK analysis research.
70ExfilServer. Client-side Encrypted Upload Server Python Script
67FSharp-Shellcode. F# Implementation to spawn shellcode
47Invoke-ProcessScan. Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.
47AzureAppC2. A script that can be deployed to Azure App for C2 / Proxy / Redirector
42PSPunch. An offensive Powershell console
30OffensiveLAM. A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or BRC4.
26basicAuth. Basic Auth Phish page
25PacketParser. A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.
22ShellcodeConversion. A collection of shell code conversion scripts that I have written over time for repetitive tasks
19RDPInception. A script to attack users who are RDPing into a machine and recurse this attack. For security testers and attack simulations.
19msmailprobe2. Office 365 and Exchange Enumeration Version 2
18WindfarmDynamite-CNA. CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe
16Office365TenantsList. Office365 Tenants List
16redteam-plan. Issues to consider when planning a red team exercise.
15Nemesis-Download-Watcher. Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.
15VBA-RunPE. A VBA implementation of the RunPE technique or how to bypass application whitelisting.
14autovpn. Easily connect to a VPN in a country of your choice
14AggressorScripts-1. Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
13EmpireAMSI. PowerShell
13DoH-Servers. DNS over HTTPS Servers
13IPFilter. IP address filter by City
12DriverVulnCheck. Takes Bruteratel `drivers` output and checks it against loldrivers.io
10S3Scanner. Scan for open S3 buckets and dump
10HostnameRotator. Daily hostname rotator
9wepwnise. A generator to weaponize Macro payloads that can evade EMET and utilises native VB migration.
9BadIP. Bad Security Vendor IPs
9EDRs. C
7PWNDB. Parse PWNDB
7nuclei-templates-notags.
6APT_CyberCriminal_Campagin_Collections. APT & CyberCriminal Campaign Collection
6Windows-SignedBinary. Python
6SCTPersistence. Create COM Objects backed by Scripts, not DLLs
6vysecurity.
6ASNLookup. ASNLookup Tool that queries Cymru's WHOIS Service
6CVE-2024-26229-BOF. BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel
5reflectivepotato. MSFRottenPotato built as a Reflective DLL. Work in progress. Gotta love Visual C++
5merlin. Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
4go-shellcode. A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
4magnifier0day. Windows 10 Privilege Escalation (magnifier.exe) via Dll Search Order Hijacking
4SUDO_KILLER. A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
4vmware_vcenter_cve_2020_3952. Exploit for CVE-2020-3952 in vCenter 6.7
3doxycannon. A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy
3DefaultCreds-cheat-sheet. One place for all the default credentials to assist the pentesters during an engagement / A valid dataset for the data scientist
3GoPurple. Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
3